Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '879f7cf422bb301d9874936eae844a6e' = '"%TEMP%\Service Host.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] '879f7cf422bb301d9874936eae844a6e' = '"%TEMP%\Service Host.exe" ..'
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Vanguard Server' = 'C:\Vanguard.exe'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Vanguard Server' = 'C:\Vanguard.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\Service Host.exe" "Service Host.exe" ENABLE (добавляет "%TEMP%\Service Host.exe" в список разрешённых программ брандмауэра Windows)
- iexplore.exe
- %TEMP%\service host.exe
- %ALLUSERSPROFILE%\frontdisplay.exe
- C:\vanguard.exe
- 'ki####00.ddns.net':5553
- 'ki####00.ddns.net':99
- DNS ASK ki####00.ddns.net
- '%TEMP%\service host.exe'
- '%ALLUSERSPROFILE%\frontdisplay.exe'
- 'C:\vanguard.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\Service Host.exe" "Service Host.exe" ENABLE (со скрытым окном)
- '%ProgramFiles(x86)%\internet explorer\iexplore.exe'